rpm package
suse/ruby&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4
pkg:rpm/suse/ruby&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-1855 | — | | | < 1.8.7.p357-0.9.19.1 | 1.8.7.p357-0.9.19.1 | Nov 29, 2019 | verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards i |
| CVE-2015-7551 | Hig | 8.4 | | < 1.8.7.p357-0.9.19.1 | 1.8.7.p357-0.9.19.1 | Mar 24, 2016 | The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or c |